Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Related Posts
  • Blog Post: More information about the December 2011 ASP.Net vulnerability

    Today, we released Security Advisory 2659883 alerting customers to a newly disclosed denial-of-service vulnerability affecting several vendors’ web application platforms, including Microsoft’s ASP.NET. This blog post will cover the following: Impact of the vulnerability How to know...
  • Blog Post: Assessing the risk of the June security updates

    Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately...
  • Blog Post: MS11-044: JIT compiler issue in .NET Framework

    Today we have released MS11-044 to address CVE-2011-1271, a remote code execution vulnerability in the .NET Framework. Here we would like to provide more technical information about this vulnerability and why we believe this issue to be unlikely to be exploited. The root cause of CVE-2011-1271 is...
  • Blog Post: MS12-025 and XBAP: No longer a driveby threat

    One of the security bulletins released today, MS12-025, addresses a code execution vulnerability in the .NET Framework. To exploit the vulnerability, an attacker would build a malicious XBAP application and lure victims to a malicious website serving the XBAP. The good news is that a zero-click “driveby”...
  • Blog Post: ASP.NET security update is live!

    Today we released MS11-100, addressing a newly disclosed denial-of-service vulnerability affecting several vendors’ Web application platforms, including Microsoft’s ASP.NET. Yesterday, we posted an SRD blog describing the vulnerability and the detection and workaround opportunities. With...
  • Blog Post: MS09-061: More information about the .NET security bulletin

    MS09-061 fixes vulnerabilities in the .NET Framework which could allow malicious .NET applications to execute arbitrary native code, resulting in remote code execution. This post is intended to help clarify the attack vectors for these vulnerabilities, and to cover recommended workarounds. Important...
  • Blog Post: MS10-041: XML Signature HMAC Truncation Bypass Vulnerability

    Today we released MS10-041 addressing an issue in the implementation of the XML signature functionality in the .NET Framework with an Important severity rating. We’d like to shed more light on that case here. Am I at risk? No Microsoft products are subject to this vulnerability. However...